New profile: koi #6329
New profile: koi #6329
Conversation
There was a problem hiding this comment.
Hello, the upstream profiles are intended to be reasonably secure and this
profile currently doesn't do much.
Please see profile.template and try to add all restrictions that do not break
common use cases.
If an option breaks something (and it's not immediately obvious why), you can
comment it and add a comment at the end of the line explaining why.
See also ktorrent.profile as an example of a KDE-related profile and the wiki:
|
Are you interested in submitting a complete profile? If not, I think this PR can be closed for now. |
| caps.drop all | ||
| ipc-namespace | ||
| machine-id | ||
| # Add 'net none' to your koi.local if you don't use Sunset/Sunrise feature. |
There was a problem hiding this comment.
Add netfilter below this line.
| # Restriction below breaks program on Arch. | ||
| #include disable-common.inc | ||
|
|
||
| include disable-devel.inc |
There was a problem hiding this comment.
| # Restriction below breaks program on Arch. | |
| #include disable-common.inc | |
| include disable-devel.inc | |
| include disable-common.inc | |
| include disable-devel.inc |
disable-common.inc is a rather important include.
I'd suggest including it and commenting lines in it until you find which ones
are causing problems.
Then for the relevant lines add ignore <entry> before the include.
| private-tmp | ||
|
|
||
| dbus-user filter | ||
| dbus-user.talk org.kde.* |
There was a problem hiding this comment.
| dbus-user.talk org.kde.* |
This seems overly broad and may allow escaping the sandbox.
Try to figure out more specifically what dbus names the program actually
uses/needs.
koi
Theme scheduling for the KDE Plasma Desktop
https://github.com/baduhai/Koi